Case sensitivity in Kerberos principal names.
Andrew Bartlett
abartlet at samba.org
Fri Mar 10 07:53:52 GMT 2006
On Fri, 2006-03-10 at 01:42 -0600, Christopher R. Hertel wrote:
> Andrew Bartlett wrote:
> :
> >>The problem seems to be the case of the principal. The Celerra goes
> >>against the grain by sending principal names in the form NAME at realm (that
> >>is, UPPER at lower). The Windows KDC will "canonicalize" the name changing it
> >>to name at REALM (that is, lower at UPPER).
> >
> > A well known behaviour.
>
> Which, the behavior of the Windows KDC or the odd choice of capitalization
> from the server?
The windows KDC behaviour.
> > I'll assert that it would be far, far easier for one commercial NAS
> > device to check AD for the correct case than for all the Linux and Apple
> > MAC clients in the world to change behaviour.
>
> My feelings as well, but I need to convince the vendor that it is worth
> doing.
They live in a windows only world I presume? :-)
We can't fix what clients are out there. I would have thought that this
is an easy fix, compared to the customer pain, but clearly they don't
feel that...
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060310/0d81b63a/attachment.bin
More information about the samba-technical
mailing list